How Noah uses IPsec to set up secure network traffic, the law that might open up hardware to hobbyists, and we narrow down the options for bulletproof Linux.

Plus the picks, news & more!


— Show Notes: —


Brought to you by: Linux Academy

IPSec

Head Office Configuration

GRE Tunnels

/interface gre
add comment=BranchOffice !keepalive name="To Branch" remote-address=192.168.0.2

OSPF Routing

/routing ospf area
add area-id=0.0.0.1 name="Area 1"
add area-id=0.0.0.2 name="Area 2"
add area-id=0.0.0.3 name="Area 3"
add area-id=0.0.0.4 name="Area 4"

/routing ospf network
add area="Area 1" network=192.168.0.0/30
add area="Area 1" network=192.168.1.0/24
add area="Area 2" network=192.168.0.4/30
add area="Area 3" network=192.168.0.8/30
add area="Area 4" network=192.168.0.12/30

IP Addresses

/ip address
add address=192.168.0.1/30 comment=Branch interface="To Branch"

NAT Bypass for IPSEC ( MUST BE DRAGGED TO THE TOP OF NAT RULES! )

/ip firewall nat
add chain=srcnat dst-address=192.168.0.2 src-address=192.168.0.1
add chain=srcnat dst-address=192.168.0.6 src-address=192.168.0.5
add chain=srcnat dst-address=192.168.0.10 src-address=192.168.0.9
add chain=srcnat dst-address=192.168.0.14 src-address=192.168.0.13

IPSEC to Branches

/ip ipsec peer
add address=1.1.1.1 comment="To Branch" enc-algorithm=aes-128 nat-traversal=no secret=
/ip ipsec policy
add comment="To Branch" dst-address=192.168.0.2/32 sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=192.168.0.1/32 tunnel=yes
/ip ipsec peer

Set hostname

/system identity
set name=HeadOffice

Branch Office Configuration

GRE Tunnel

/interface gre
add comment="To Headoffice" !keepalive name="To Headoffice" remote-address=192.168.0.9

OSPF Routing

/routing ospf area
add area-id=0.0.0.3 name="Area 3"

/routing ospf network
add area="Area 3" network=192.168.0.8/30
add area="Area 3" network=192.168.4.0/24

Static route for VPN

/ip route
add dst-address=192.168.1.0/24 gateway=192.168.0.9

NAT Bypass for IPSEC ( MUST BE DRAGGED TO THE TOP OF NAT RULES! )

/ip firewall nat
add chain=srcnat dst-address=192.168.0.9 src-address=192.168.0.10

IPSEC to Heritage

/ip ipsec peer
add address=2.2.2.2 comment="To headoffice" enc-algorithm=aes-128 nat-traversal=no secret=

/ip ipsec policy
add comment="To Headoffice" dst-address=192.168.0.9/32 sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-address=192.168.0.10/32 tunnel=yes

NTP settings

/system
ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

Set hostname

/system identity
set name=BranchOffice
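
The "must be at the top" note on the NAT bypass rules in both configurations can be checked mechanically. The sketch below is an added example, not part of the original show notes or of RouterOS: it parses a pasted export (straight quotes, one rule per line) and reports any IPsec policy whose traffic would hit a rewriting srcnat rule before its bypass. The masquerade rule, `ether1` and all function names are assumptions; interface matchers are ignored, so the check errs on the side of reporting.

```python
import ipaddress
import shlex

def parse_export(text):
    """Yield (menu, params) for each 'add' line of a RouterOS-style export."""
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def net(value):
    # A missing matcher means "any address".
    return ipaddress.ip_network(value or "0.0.0.0/0", strict=False)

def covers(rule, pol):
    """True if the NAT rule's src/dst matchers include the policy's selectors."""
    return (net(pol["src-address"]).subnet_of(net(rule.get("src-address")))
            and net(pol["dst-address"]).subnet_of(net(rule.get("dst-address"))))

def check_nat_bypass(export):
    """Return findings for IPsec policies whose first matching srcnat rule rewrites."""
    rows = list(parse_export(export))
    policies = [p for m, p in rows if m == "/ip ipsec policy"]
    nat = [p for m, p in rows if m == "/ip firewall nat" and p.get("chain") == "srcnat"]
    findings = []
    for pol in policies:
        for rule in nat:                      # NAT rules are evaluated top-down
            if covers(rule, pol):
                action = rule.get("action", "accept")  # RouterOS default action
                if action != "accept":
                    findings.append(f"{pol['src-address']} -> {pol['dst-address']}: "
                                    f"{action} rule matches first")
                break
    return findings

# Constructed samples: addresses from the page; the masquerade rule and ether1 are assumed.
POLICY = ('/ip ipsec policy\n'
          'add comment="To Branch" dst-address=192.168.0.2/32 src-address=192.168.0.1/32 tunnel=yes\n')
BYPASS = "add chain=srcnat dst-address=192.168.0.2 src-address=192.168.0.1\n"
MASQ = "add action=masquerade chain=srcnat out-interface=ether1\n"
GOOD = POLICY + "/ip firewall nat\n" + BYPASS + MASQ
BAD = POLICY + "/ip firewall nat\n" + MASQ + BYPASS

if __name__ == "__main__":
    print("good:", check_nat_bypass(GOOD))
    print("bad: ", check_nat_bypass(BAD))
```
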

— PICKS —

Runs Linux

British Maritime Museum RUNS LINUX

http://bit.ly/2kBOgDc

Desktop App Pick

Invite friends to SSH into your laptop using their Github handle

Wouldn’t it be great to allow a fellow developer to quickly and securely SSH into your laptop when you’re in the middle of a debugging session even if you are on two separate networks behind NAT?

A few months ago we released a free tool, Teleconsole, we built so we could do exactly that. We are a distributed team, with bare metal servers sitting in our San Francisco office, several AWS and Azure regions and a bunch of customer environments we are sometimes asked to jump into.

Distro of the Week

GeckoLinux – Linux for Detail Oriented Geckos

GeckoLinux is a Linux spin based on the openSUSE distribution, with a focus on polish and out-of-the-box usability on the desktop. It is available in Static (based on openSUSE Leap) and Rolling (based on openSUSE Tumbleweed) editions.


— NEWS —

Five States Are Considering Bills to Legalize the ‘Right to Repair’ Electronics

_The legislation is modeled on the Motor Vehicle Owners’ Right to Repair Act, a law passed in Massachusetts in 2012. That law effectively became national legislation, because auto manufacturers feared having to deal with the intricacies of 50 different state laws on the issue. The hope is that at least one electronics right to repair law will pass this year, similarly opening the floodgates for consumers and repair companies around the country._

Kicking Off Budgie 11

At this moment in time, the core remaining reason for Budgie even “working” on the GNOME stack, is that it expends an awful lot of effort pretending to be GNOME Shell

Wine 2.0 is out, ready to disappoint you once again

Wine 2.0 is out, which is a huge milestone for the project. It has more support for more software, includes a lot of graphics speedups, and even supports retina displays on Mac. The list of compatible software is indeed impressive — the latest and greatest apps are rarely supported, but many relatively recent “classics” like Left 4 Dead, Fallout 3, and Office 2013 are supposedly operational.

Simplehelp Delivers on Commitment to Linux

The real test of any software is not in its function but in how well the company stands behind the product. Well, this week that test happened. Simplehelp made an update that made the client totally unusable under Linux. Any key you pressed would repeat constantly and right mouse clicks would not work at all. I tweeted them. They responded again almost immediately and asked for specific distributions they could test. I gave them the distributions and the next tweet I received was them telling me the problem was fixed.

Feedback:

Chris Asks

  • Very high capacity storage, that’s protected from vibration and movement?

Mail Bag

  • Name: Chris B
  • Subject: Arch v LTS

  • Message:

Hey guys! Love the show, and had a question that I was wondering if I could get an opinion on from the two foremost Linux experts. I’m currently an Arch user, but I’m troubled by your recent stories of Arch breaking at a crucial time. I am considering a switch back to Xubuntu 16.04 when my new x260 (thanks Noah!) arrives, because I’ve noticed that the Arch system I have created now is very similar to a base install of Xubuntu. I enjoy the rolling release/bleeding edge nature of Arch (especially Pragha in the default repos and the newest version of Firejail), but wonder if Xubuntu would be more “bulletproof” (In keeping with your newest of discussions) and if Arch is worth the trouble if it will essentially be used to create Xubuntu. Thank you, love the show, and keep up the great work!


  • Name: Rick F
  • Subject: Bullet Proof Linux

  • Message:

Arch Linux proper with the linux-lts kernel, nvidia-lts driver if using Nvidia, and a Desktop Environment that is NOT Gnome or Plasma.

The only issues I have had with Arch Linux have been tied to the graphics driver, display manager, and desktop environment.

I love Gnome and Plasma, however both are being updated too often to be considered bullet proof. Use something boring like XFCE or MATE if you want bulletproof. By default XFCE and MATE look pretty boring, but they can be tweaked to look amazing. Check out reddit.com/r/unixporn
